Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2020-8473

    Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files. An authenticated attacker who successfully exploits the vul... Read more

    Affected Products : 800xa_base_system
    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8472

    Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow l... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8471

    For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2020-8470

    Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not re... Read more

    • Published: Mar. 18, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2020-8469

    Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability which could potentially allow an attacker to escalate privileges.... Read more

    Affected Products : password_manager
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8466

    A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8465

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8464

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8463

    A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2020-8462

    A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8461

    A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.... Read more

    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8450

    An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.... Read more

    Affected Products : ubuntu_linux fedora debian_linux leap squid
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2020-8449

    An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.... Read more

    Affected Products : ubuntu_linux fedora debian_linux leap squid
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8448

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a denial of service (NULL pointer dereference) via crafted messages written directly to the analysisd UNIX domain socket by a local user.... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8447

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of syscheck formatted msgs (received from authenticated remote agents and delivered to the analysisd p... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2020-8446

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-8445

    In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitte... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8444

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a use-after-free during processing of ossec-alert formatted msgs (received from authenticated remote agents and delivered to the analysis... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2020-8443

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delive... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2020-8442

    In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.... Read more

    Affected Products : ossec
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294853 Results